Problem with a virus


  • Joined: 20 Feb 2005
  • Posts: 289
  • Location: Vranje

Posted: 15 Sep 2013 10:40

I'm using ESET Smart Security antivirus, which can't delete a virus; I didn't manage to read which virus it is, something like Win32 trojan dropper or so, and some others. It says it will be deleted on the next restart of the computer, but again nothing happens. It's impossible to run a system restore point because those files got lost?? I don't know how to recover them, and I made a new restore point yesterday.
The problem happened while copying files from a USB memory card, and now on the USB card I can only use 4-5 programs, the rest are in the form of shortcuts... I should also mention that I've been visiting various sites to download programs and cracks. Yesterday I also tried Malwarebytes and nothing; also please tell me what to do with the USB MMC. I'm using an ADSL connection.
I should mention that I can't stop or delete this from startup at all:
C:\ProgramData\Realtek0\omylcqksw.exe
This is what's most suspicious to me: Realtek0 omylcqksw
Here's the log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2
Run by Hranca at 10:15:14 on 2013-09-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3071.1697 [GMT 2:00]
.
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET lični zaštitni zid *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.EXE
C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mobogenie\mgusb.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\Hranca\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Realtek Audio Manager] \Windows\Explorer.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoSMBalloonTip = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: RunStartupScriptSync = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/SAWZip.dll
DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/EbankingWWW.dll
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{47DA6221-F032-4FA7-AC51-0010E42B3AB1} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{509A287C-B7E3-4FCC-911E-BC94F16EEE30} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{75C9A330-DD36-4C72-96D5-F079E91CD177} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{BD5EC01A-EB3E-4874-948B-EFC7239B9638} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
IFEO: rstrui.exe - ndtcr_.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-IFEO: rstrui.exe - ndtcr_.exe
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-11-28 57904]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-10-8 211344]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-10-8 59440]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-9 235520]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-11-26 1329304]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-14 27136]
R2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys [2013-1-20 12824]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-14 418376]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-19 4308320]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2009-6-30 411136]
R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2013-1-20 44624]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;C:\Windows\System32\drivers\dtscsibus.sys [2013-3-6 29696]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-14 25928]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2012-12-30 34032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-14 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
S2 WiseBootAssistant;Wise Boot Assistant;C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [2013-1-20 580648]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
S3 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfSdkS64.exe [2013-1-20 544768]
S3 Disc Soft Bus Service;Disc Soft Bus Service;C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [2013-3-6 580672]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2012-10-21 14448]
S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2013-1-12 15360]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-2-15 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-2-15 12384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-3 19456]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2009-9-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2009-9-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2009-9-19 161280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-3 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-21 1255736]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S4 WO_LiveService;Ashampoo LiveTuner Service;C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe [2013-1-20 884608]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\AcroRd32.exe="C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe" "%1" [UserChoice] [default=Read - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2013-09-14 18:27:25 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-14 18:27:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-14 13:24:58 922112 ----a-w- C:\Users\Hranca\AppData\Roaming\Updater.exe
2013-09-14 13:15:31 -------- d-sh--w- C:\ProgramData\Realtek0
2013-09-14 13:15:24 -------- d-sh--w- C:\Users\Hranca\AppData\Roaming\msgr
2013-08-16 21:05:05 53152 ----a-w- C:\Windows\System32\USBCoInstaller.dll
2013-08-16 21:03:09 -------- d-----w- C:\Users\Hranca\AppData\Local\cache
2013-08-16 21:03:08 -------- d-----w- C:\Users\Hranca\AppData\Local\Mobogenie
2013-08-16 21:02:59 -------- d-----w- C:\Program Files (x86)\Mobogenie
.
==================== Find3M ====================
.
2013-09-14 19:09:16 281768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-09-14 19:09:16 281768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-09-14 18:00:44 281768 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-08-17 06:22:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-17 06:22:12 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-06 06:45:25 73216 ----a-w- C:\Windows\ST6UNST.EXE
2013-08-06 06:45:25 249856 ------w- C:\Windows\Setup1.exe
2013-06-22 16:20:48 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-22 16:20:48 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-22 16:20:48 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 10:15:33,69 ===============


Addendum: 15 Sep 2013 10:50

I've just caught a message from ESET:
C:\ProgramData\Realtek0\omylcqksw.exe
It flags it as the Injector AMTG trojan.
That file doesn't exist on the computer, I can't find it anywhere; it's only in the startup.
Here's the startup:

HKCU:Run Google Update Google Inc. "C:\Users\Hranca\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKCU:Run Realtek Audio Manager "C:\ProgramData\Realtek0\omylcqksw.exe"
HKCU:Run swg Google Inc. "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKLM:Run egui ESET "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
HKLM:Run mobilegeni daemon Beijing AmazGame Age Internet Technology Co., Ltd. C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
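Added example, not part of the thread and not code from DDS, ESET or ComboFix: a small Python triage script that runs over lines of the DDS log posted above and flags the indicators a helper would look at first. The sample lines are copied from that log, except for one Run line written in DDS syntax from the HKCU:Run entry the poster lists for omylcqksw.exe (constructed). It flags the Image File Execution Options Debugger entry on rstrui.exe, which is what stops System Restore from opening; a Run entry whose target lives in ProgramData; directories created in the last 30 days with the hidden+system attributes; and EnableLUA = 0. The list of suspect directories is a hypothetical default.

```python
"""Triage a DDS-style log for the persistence and tamper indicators seen in this thread.

Added example; not part of the thread and not code from DDS, ESET or ComboFix.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    kind: str      # "ifeo", "run", "hidden-dir" or "uac"
    detail: str


# DDS "Pseudo HJT Report" and "Created Last 30" line shapes, with or without the x64- prefix
IFEO_RE = re.compile(r"^(?:x64-)?IFEO:\s+(\S+)\s+-\s+(.+?)\s*$")
RUN_RE = re.compile(r"^(?:x64-)?[um]Run:\s+\[([^\]]+)\]\s+(.+?)\s*$")
UAC_RE = re.compile(r"^(?:x64-)?mPolicies-System:\s+EnableLUA\s*=\s*dword:(\d+)")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(\S{8})\s+(.+?)\s*$")

# Hypothetical default: data directories from which an autostart entry is rarely legitimate
SUSPECT_DIRS = ("\\programdata\\", "\\appdata\\roaming\\", "\\temp\\")

# Constructed sample: lines copied from the DDS log in the thread, plus one Run line written in
# DDS syntax from the HKCU:Run entry the poster listed for omylcqksw.exe
SAMPLE_LOG = r"""
uRun: [Google Update] "C:\Users\Hranca\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Realtek Audio Manager] "C:\ProgramData\Realtek0\omylcqksw.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-System: EnableLUA = dword:0
IFEO: rstrui.exe - ndtcr_.exe
x64-IFEO: rstrui.exe - ndtcr_.exe
2013-09-14 18:27:25 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-14 13:15:31 -------- d-sh--w- C:\ProgramData\Realtek0
2013-09-14 13:15:24 -------- d-sh--w- C:\Users\Hranca\AppData\Roaming\msgr
2013-08-16 21:02:59 -------- d-----w- C:\Program Files (x86)\Mobogenie
"""


def target_path(value: str) -> str:
    """Return the executable path of a Run value, dropping quotes and arguments."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    """Scan log lines and return the findings in the order they appear."""
    findings: list[Finding] = []
    seen_ifeo: set[tuple[str, str]] = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := IFEO_RE.match(line):
            target, debugger = m.group(1), m.group(2)
            key = (target.lower(), debugger.lower())
            if key not in seen_ifeo:  # the x64 view repeats the 32-bit hive entry
                seen_ifeo.add(key)
                note = " (the System Restore UI)" if target.lower() == "rstrui.exe" else ""
                findings.append(Finding("high", "ifeo",
                    f"{target}{note} is redirected to {debugger} via an IFEO Debugger value"))
        elif m := RUN_RE.match(line):
            name, path = m.group(1), target_path(m.group(2))
            low = path.lower()
            if not re.match(r"^[a-z]:\\", low):
                findings.append(Finding("medium", "run",
                    f"[{name}] has an unqualified path (no drive letter): {path}"))
            elif any(d in low for d in SUSPECT_DIRS):
                findings.append(Finding("high", "run",
                    f"[{name}] autostarts from a data directory: {path}"))
        elif m := UAC_RE.match(line):
            if m.group(1) == "0":
                findings.append(Finding("medium", "uac",
                    "EnableLUA = 0: UAC is off, so an administrator's programs get full rights without a prompt"))
        elif m := CREATED_RE.match(line):
            attrs, path = m.group(1), m.group(2)
            # attribute string starts with 'd' for directories; 's' and 'h' mark system+hidden
            if attrs[0] == "d" and "s" in attrs and "h" in attrs:
                findings.append(Finding("high", "hidden-dir",
                    f"directory created in the last 30 days with hidden+system attributes: {path}"))
    return findings


def report(findings: list[Finding]) -> str:
    """Render findings one per line, highest severity first."""
    order = {"high": 0, "medium": 1}
    ranked = sorted(findings, key=lambda f: order[f.severity])
    return "\n".join(f"[{f.severity:<6}] {f.kind:<10} {f.detail}" for f in ranked)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

To use it on a full log, read the DDS text file and pass it to triage(). The DDS log above shows the same "Realtek Audio Manager" entry with the unqualified value \Windows\Explorer.exe, which the relative-path branch would also surface; the ComboFix run later in the thread is what reveals the real target in ProgramData.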

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello, cvetko_a

Do not use the USB stick while the case is in progress; we will clean it after the system is fixed.

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download has finished:
  • deactivate the protection software (instructions);
  • close running programs;
  • double-click ComboFix to run it;
  • in the window that opens, click "I Agree".

While running, ComboFix will:
  • check whether a newer version of the program exists: click Yes if it offers to download it;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • show a number of prompts/notifications: accept by clicking Yes or OK;
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If after posting you notice the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the post;
  • Do not click inside the ComboFix window while it is running, since that can slow the tool down;
  • Do not run ComboFix again on your own; report in the thread any problem you have during the first run of the tool;
  • If after the restart you get an error when starting certain programs saying they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will resolve the problem.

  • Joined: 20 Feb 2005
  • Posts: 289
  • Location: Vranje

ComboFix 13-09-14.01 - Hranca 15.09.2013 15:15:34.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3071.1807 [GMT 2:00]
Running from: c:\users\Hranca\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET lični zaštitni zid *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dxoludite.exe
c:\users\Hranca\AppData\Roaming\inst.exe
c:\users\Hranca\AppData\Roaming\Updater.exe
c:\users\Hranca\AppData\Roaming\vso_ts_preview.xml
c:\windows\box.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\ST6UNST.000
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-08-15 to 2013-09-15 )))))))))))))))))))))))))))))))
.
.
2013-09-15 12:45 . 2013-09-15 12:45 -------- d-----w- c:\program files (x86)\AppFiles
2013-09-15 12:45 . 2013-09-15 12:50 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-09-14 18:27 . 2013-09-14 18:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-14 18:27 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-14 13:15 . 2013-09-14 16:40 -------- d-sh--w- c:\programdata\Realtek0
2013-09-14 13:15 . 2013-09-14 13:15 -------- d-sh--w- c:\users\Hranca\AppData\Roaming\msgr
2013-08-16 21:05 . 2013-08-16 21:05 53152 ----a-w- c:\windows\system32\USBCoInstaller.dll
2013-08-16 21:03 . 2013-09-12 21:24 -------- d-----w- c:\users\Hranca\AppData\Local\cache
2013-08-16 21:03 . 2013-09-07 16:09 -------- d-----w- c:\users\Hranca\AppData\Local\Mobogenie
2013-08-16 21:02 . 2013-09-12 21:24 -------- d-----w- c:\program files (x86)\Mobogenie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-14 19:09 . 2013-02-03 11:32 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-09-14 19:09 . 2012-04-30 15:53 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-09-14 18:00 . 2013-02-03 11:32 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-08-17 06:22 . 2012-04-02 15:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-17 06:22 . 2012-04-02 15:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-06 06:45 . 2013-01-18 11:04 249856 ------w- c:\windows\Setup1.exe
2013-08-06 06:45 . 2013-01-18 11:04 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-06-22 16:20 . 2013-06-22 16:20 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-22 16:20 . 2012-06-16 11:19 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-22 16:20 . 2012-06-16 11:19 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-02 39408]
"Realtek Audio Manager"="c:\programdata\Realtek0\omylcqksw.exe" [2013-09-14 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"mobilegeni daemon"="c:\program files (x86)\Mobogenie\DaemonProcess.exe" [2013-09-10 646336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\rstrui.exe]
"Debugger"=r_.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WiseBootAssistant;Wise Boot Assistant;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe [x]
R3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files (x86)\Windows Live\Messenger\usnsvc.exe;c:\program files (x86)\Windows Live\Messenger\usnsvc.exe [x]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 WO_LiveService;Ashampoo LiveTuner Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys;c:\windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000Core.job
- c:\users\Hranca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15 09:31]
.
2013-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000UA.job
- c:\users\Hranca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15 09:31]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 15:16]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 15:16]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000Core.job
- c:\users\Hranca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 13:31]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000UA.job
- c:\users\Hranca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 13:31]
.
2013-09-14 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-09-15 c:\windows\Tasks\ReclaimerUpdateFiles_Hranca.job
- c:\users\Hranca\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 12:38]
.
2013-09-14 c:\windows\Tasks\ReclaimerUpdateXML_Hranca.job
- c:\users\Hranca\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 12:38]
.
2013-09-15 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Hranca.job
- c:\users\Hranca\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 12:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-26 6325936]
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe]
"Debugger"=r_.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: raiffeisenbank.rs\rol
TCP: DhcpNameServer = 192.168.1.1
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/SAWZip.dll
DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/EbankingWWW.dll
DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3660575161-1947987749-166325203-1000_Classes\CLSID\{E9B5582A-EACD-AB45-A77F-46BEFB2A4005}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\omylcqksw.exe]
@Denied: (A B 2 3) (Everyone)
"DisableExceptionChainValidation"=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
c:\windows\SysWOW64\WerFault.exe
c:\program files (x86)\Mobogenie\mgusb.exe
.
**************************************************************************
.
Completion time: 2013-09-15 15:37:27 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-15 13:37
.
Pre-Run: 30.158.815.232 bytes free
Post-Run: 30.011.850.752 bytes free
.
- - End Of File - - 153E4DEF0EFE6DE340D106B6CAE8CD39
A36C5E4F47E84449FF07ED3517B43A31
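The ComboFix log above carries three findings a responder would pull out by hand: under X64 Entries, an Image File Execution Options key for rstrui.exe whose "Debugger" value is r_.exe (Windows starts the named "debugger" in place of the target program, so the System Restore UI cannot launch normally, which is consistent with the poster's report that System Restore would not start); a locked IFEO key for omylcqksw.exe; and the UAC policy values EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all set to 0. The Python script below is an added example, not ComboFix's, FRST's or the forum helper's code: it parses registry blocks written in this log's format and flags those patterns plus any Run entry whose target lives in a user-writable directory. The sample lines are constructed to match the page's format; the "Realtek Audio Manager" Run value and its timestamp are assumed, not quoted from the log.

```python
"""Triage helper for ComboFix-style registry sections.

Added example for this thread; it is not ComboFix's, FRST's or the forum
helper's code. It flags: an Image File Execution Options (IFEO) "Debugger"
value (Windows launches that program instead of the named one), an IFEO
key that disables exception chain validation, UAC policy values forced to 0,
and an autorun whose target lives in a user-writable directory.
"""
import re

# Constructed sample modelled on the registry blocks in the log above; the
# "Realtek Audio Manager" line and its timestamp are assumed, not quoted.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-02 39408]
"Realtek Audio Manager"="c:\programdata\Realtek0\omylcqksw.exe" [2013-09-14 11111]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe]
"Debugger"=r_.exe
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\omylcqksw.exe]
@Denied: (A B 2 3) (Everyone)
"DisableExceptionChainValidation"=""
"""

KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

# Locations a legitimate autorun should not normally point into.
SUSPICIOUS_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")
# UAC policy values that, when 0, remove the consent prompt entirely.
UAC_VALUES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}


def parse_sections(text):
    """Yield (key, [(name, value), ...]) for each [HKEY_...] block in the log."""
    key, values = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                yield key, values
            key, values = m.group("key"), []
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            values.append((m.group("name"), m.group("value").strip()))
    if key is not None:
        yield key, values


def triage(text):
    """Return (kind, subject, detail) tuples for every suspicious entry found."""
    findings = []
    for key, values in parse_sections(text):
        kl = key.lower()
        if "\\image file execution options\\" in kl:
            target = key.rsplit("\\", 1)[-1]          # e.g. rstrui.exe
            for name, value in values:
                if name.lower() == "debugger":
                    findings.append(("ifeo_debugger", target, value.strip('"')))
                elif name == "DisableExceptionChainValidation":
                    findings.append(("ifeo_sehop_off", target, value.strip('"')))
        elif kl.endswith("\\currentversion\\run"):
            for name, value in values:
                # value looks like "<path>" [<date> <size>]; keep the path only
                path = value.split('" [')[0].strip('"')
                if any(d in path.lower() for d in SUSPICIOUS_DIRS):
                    findings.append(("autorun_in_user_writable_dir", name, path))
        elif kl.endswith("\\policies\\system"):
            for name, value in values:
                if name in UAC_VALUES and value.split()[:1] == ["0"]:
                    findings.append(("uac_disabled", name, value))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:30} {subject:28} {detail}")
```

Run against a saved ComboFix log by passing its text to `triage()`; each finding names the kind of indicator, the registry target or value it applies to, and the raw value, which is enough to decide what to quarantine or what script lines a helper should write.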

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Open Notepad and copy the following text into it:

Folder::
c:\programdata\Realtek0
c:\users\Hranca\AppData\Roaming\msgr
c:\program files (x86)\MyPC Backup

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Realtek Audio Manager"=-

ClearJavaCache::


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

  • Joined: 20 Feb 2005
  • Posts: 289
  • Location: Vranje

ComboFix 13-09-14.01 - Hranca 15.09.2013 22:27:25.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.3071.1828 [GMT 2:00]
Running from: c:\users\Hranca\Desktop\ComboFix.exe
Command switches used :: c:\users\Hranca\Desktop\CFScript.txt.txt
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET lični zaštitni zid *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\MyPC Backup
c:\program files (x86)\MyPC Backup\DEL_UnRegisterExtensions.exe
c:\programdata\Realtek0\nnkzcpsaq.exe
c:\programdata\Realtek0\omylcqksw.exe
c:\users\Hranca\AppData\Roaming\msgr
.
.
((((((((((((((((((((((((( Files Created from 2013-08-15 to 2013-09-15 )))))))))))))))))))))))))))))))
.
.
2013-09-15 20:34 . 2013-09-15 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-15 12:45 . 2013-09-15 12:45 -------- d-----w- c:\program files (x86)\AppFiles
2013-09-14 18:27 . 2013-09-14 18:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-14 18:27 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-14 13:15 . 2013-09-15 20:32 -------- d-----w- c:\programdata\Realtek0
2013-08-16 21:05 . 2013-08-16 21:05 53152 ----a-w- c:\windows\system32\USBCoInstaller.dll
2013-08-16 21:03 . 2013-09-12 21:24 -------- d-----w- c:\users\Hranca\AppData\Local\cache
2013-08-16 21:03 . 2013-09-07 16:09 -------- d-----w- c:\users\Hranca\AppData\Local\Mobogenie
2013-08-16 21:02 . 2013-09-12 21:24 -------- d-----w- c:\program files (x86)\Mobogenie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-15 16:28 . 2013-02-03 11:32 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-09-15 16:28 . 2012-04-30 15:53 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-09-15 15:37 . 2013-02-03 11:32 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-08-17 06:22 . 2012-04-02 15:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-17 06:22 . 2012-04-02 15:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-06 06:45 . 2013-01-18 11:04 249856 ------w- c:\windows\Setup1.exe
2013-08-06 06:45 . 2013-01-18 11:04 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-06-22 16:20 . 2013-06-22 16:20 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-22 16:20 . 2012-06-16 11:19 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-22 16:20 . 2012-06-16 11:19 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"mobilegeni daemon"="c:\program files (x86)\Mobogenie\DaemonProcess.exe" [2013-09-10 646336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WiseBootAssistant;Wise Boot Assistant;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe [x]
R3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files (x86)\Windows Live\Messenger\usnsvc.exe;c:\program files (x86)\Windows Live\Messenger\usnsvc.exe [x]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 WO_LiveService;Ashampoo LiveTuner Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys;c:\windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000Core.job
- c:\users\Hranca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15 09:31]
.
2013-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000UA.job
- c:\users\Hranca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15 09:31]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 15:16]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 15:16]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000Core.job
- c:\users\Hranca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 13:31]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000UA.job
- c:\users\Hranca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 13:31]
.
2013-09-15 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-09-15 c:\windows\Tasks\ReclaimerUpdateFiles_Hranca.job
- c:\users\Hranca\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 12:38]
.
2013-09-15 c:\windows\Tasks\ReclaimerUpdateXML_Hranca.job
- c:\users\Hranca\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 12:38]
.
2013-09-15 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Hranca.job
- c:\users\Hranca\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-02 12:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-26 6325936]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: raiffeisenbank.rs\rol
TCP: DhcpNameServer = 192.168.1.1
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/SAWZip.dll
DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/EbankingWWW.dll
DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3660575161-1947987749-166325203-1000_Classes\CLSID\{E9B5582A-EACD-AB45-A77F-46BEFB2A4005}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\omylcqksw.exe]
@Denied: (A B 2 3) (Everyone)
"DisableExceptionChainValidation"=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-15 22:44:43
ComboFix-quarantined-files.txt 2013-09-15 20:44
ComboFix2.txt 2013-09-15 13:37
.
Pre-Run: 29.859.860.480 bytes free
Post-Run: 29.805.563.904 bytes free
.
- - End Of File - - 073564EFDB4CC7CE2ED9281016004890
A36C5E4F47E84449FF07ED3517B43A31

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

We are nearing the end; a few additional checks still need to be run...


Step 1.


Download Farbar Recovery Scan Tool and save it to the Desktop

Note: You need to download the version that is compatible with your system.
Your Windows is the 64-bit version.


Double-click to run FRST;
When the tool starts, click Yes on the disclaimer.
Click the Scan button;
The tool will create a report (FRST.txt) in the same directory where FRST.exe is saved.
Copy the contents of that log into your message.
On its first run the tool should also create an additional report (Addition.txt). Attach that report to your message using the "Attach file" option.


Step 2.


Download TDSSKiller and save it to the Desktop
Double-click to run TDSSKiller.exe ...

click the Start Scan button

If suspicious items (Suspicious object) are detected, the default action is Skip; click Continue.
If malicious objects (Malicious objects) are detected, choose the Cure option.


Attach the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.GG_HH.MM.SS.txt
(DD = day, MM = month, GG = year, HH = hour, MM = minute, SS = second; the date and time when the log was created)

  • Joined: 20 Feb 2005
  • Posts: 289
  • Location: Vranje

Posted: 16 Sep 2013 14:51

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01
Ran by Hranca (administrator) on HRANCA-PC on 16-09-2013 14:33:49
Running from C:\Users\Hranca\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Hranca\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6325936 2012-11-26] (ESET)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-04-02] (Google Inc.)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [NoSMBalloonTip] 1
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 0
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [646336 2013-09-10] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9B5EEFBD070FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sr-rs
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {73848533-39E1-49F1-9363-28054268C094} https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
DPF: HKLM-x32 {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} https://rol.raiffeisenbank.rs/RaiffeisenDLL/SAWZip.dll
DPF: HKLM-x32 {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} https://rol.raiffeisenbank.rs/RaiffeisenDLL/EbankingWWW.dll
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazon......5.1.0.cab
DPF: HKLM-x32 {F6FFAC18-CAD4-4054-9D49-D610286CE323} https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1235.0517.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Hranca\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Hranca\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Hranca\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: OneClickDownloader - C:\Users\Hranca\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com
FF Extension: gophoto - C:\Users\Hranca\AppData\Roaming\Mozilla\Firefox\profiles\extensions\gophoto@gophoto.it.xpi
FF Extension: No Name - C:\Users\Hranca\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js
FF Extension: No Name - C:\Users\Hranca\AppData\Roaming\Mozilla\Firefox\profiles\extensions\search.sqlite
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR Extension: (Gmail) - C:\Users\Hranca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany)
S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [580672 2013-03-06] (Disc Soft Ltd)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2627920 2011-03-03] (Diskeeper Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1329304 2012-11-26] (ESET)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2013-02-17] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-03] ()
S3 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 usnjsvc; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [98672 2007-05-17] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580648 2012-07-17] (WiseCleaner.com)
S3 WLSetupSvc; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [228208 2007-05-16] ()
S4 WO_LiveService; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerService.exe [884608 2012-05-14] ()

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [44624 2011-02-14] (Diskeeper Corporation)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-03-06] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [211344 2012-10-08] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [149592 2012-10-08] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [189208 2012-10-08] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [59440 2012-10-08] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [57904 2012-11-28] (ESET)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R2 LiveTunerPM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\LiveTunerProcessMonitor64.sys [12824 2011-03-08] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-01-11] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-01-11] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-01-11] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2013-01-11] ()
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2012-12-30] (Sony Ericsson Mobile Communications)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2012-04-04] ()
U3 a1na4qk0; C:\Windows\System32\Drivers\a1na4qk0.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 SANDRA; No ImagePath
S3 Synth3dVsc; No ImagePath
S3 tsusbhub; No ImagePath
S3 VGPU; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 14:33 - 2013-09-16 14:33 - 00000000 ____D C:\FRST
2013-09-16 14:31 - 2013-09-16 14:31 - 01951150 _____ (Farbar) C:\Users\Hranca\Desktop\FRST64.exe
2013-09-16 14:31 - 2013-09-16 14:31 - 00000000 ____D C:\Users\Hranca\Desktop\Tekstovi
2013-09-15 22:44 - 2013-09-15 22:44 - 00019672 _____ C:\ComboFix.txt
2013-09-15 15:04 - 2013-09-16 14:19 - 00004900 _____ C:\Windows\PFRO.log
2013-09-15 14:59 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-15 14:59 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-15 14:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-15 14:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-15 14:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-15 14:59 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-15 14:59 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-15 14:59 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-15 14:58 - 2013-09-15 22:45 - 00000000 ____D C:\Qoobox
2013-09-15 14:57 - 2013-09-15 15:32 - 00000000 ____D C:\Windows\erdnt
2013-09-15 14:52 - 2013-09-15 14:53 - 05126233 _____ (Swearware) C:\Users\Hranca\Downloads\ComboFix (1).exe
2013-09-15 14:51 - 2013-09-15 14:51 - 00384318 _____ ( ) C:\Users\Hranca\Downloads\Mobile_phone_IMEI_unlocker_v1.3_[(zabranjeno)ED] (1).exe
2013-09-15 14:45 - 2013-09-15 14:45 - 00000000 ____D C:\Program Files (x86)\AppFiles
2013-09-15 14:44 - 2013-09-15 14:52 - 00000000 ____D C:\Users\Hranca\Downloads\SetupIns
2013-09-15 14:43 - 2013-09-16 14:20 - 00000224 _____ C:\Windows\setupact.log
2013-09-15 14:43 - 2013-09-15 14:43 - 00000000 _____ C:\Windows\setuperr.log
2013-09-15 14:42 - 2013-09-15 14:42 - 00384318 _____ ( ) C:\Users\Hranca\Downloads\Mobile_phone_IMEI_unlocker_v1.3_[(zabranjeno)ED].exe
2013-09-15 10:11 - 2013-09-15 10:11 - 05126233 ____R (Swearware) C:\Users\Hranca\Desktop\ComboFix.exe
2013-09-15 09:39 - 2013-09-16 14:22 - 00158511 _____ C:\Windows\WindowsUpdate.log
2013-09-14 20:27 - 2013-09-14 20:27 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-14 20:27 - 2013-09-14 20:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-14 20:27 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-14 20:25 - 2013-09-14 20:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Hranca\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-14 18:53 - 2013-09-14 18:53 - 00001664 _____ C:\Users\Public\Desktop\Recuva.lnk
2013-09-14 18:45 - 2013-09-14 18:45 - 00000745 _____ C:\Users\Hranca\Documents\TombRaider.log
2013-09-14 17:51 - 2013-09-14 17:51 - 00354699 __RSH C:\PNGIJ
2013-09-14 17:51 - 2013-09-14 17:51 - 00000000 __RSH C:\mkxt.ld
2013-09-14 15:15 - 2013-09-16 14:20 - 00000000 ____D C:\ProgramData\Realtek0
2013-09-14 15:15 - 2013-09-14 15:15 - 00003210 _____ C:\Windows\System32\Tasks\Windows Update Check - 0x0BC402F2
2013-09-13 22:58 - 2013-09-15 14:56 - 00000367 _____ C:\Users\Hranca\Desktop\New Text Document.txt
2013-09-10 10:34 - 2013-09-10 10:35 - 00541984 _____ C:\Users\Hranca\Documents\Spojeno.mp3.sfk
2013-09-10 10:16 - 1995-01-01 02:00 - 00000044 _____ C:\Users\Hranca\Desktop\Track02.cda
2013-09-02 17:39 - 2013-09-16 14:20 - 00000380 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Hranca.job
2013-09-02 17:39 - 2013-09-15 17:52 - 00002968 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Hranca
2013-09-02 17:39 - 2013-09-15 17:52 - 00000370 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Hranca.job
2013-09-02 17:39 - 2013-09-15 11:45 - 00002972 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Hranca
2013-09-02 17:39 - 2013-09-15 11:45 - 00000374 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Hranca.job
2013-09-02 17:39 - 2013-09-02 17:39 - 00003618 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Hranca
2013-09-02 17:39 - 2013-09-02 17:39 - 00002676 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Hranca
2013-08-17 08:38 - 2013-08-17 08:42 - 00000000 ___RD C:\Users\Hranca\Desktop\MOBILNI

==================== One Month Modified Files and Folders =======

2013-09-16 14:33 - 2013-09-16 14:33 - 00000000 ____D C:\FRST
2013-09-16 14:31 - 2013-09-16 14:31 - 01951150 _____ (Farbar) C:\Users\Hranca\Desktop\FRST64.exe
2013-09-16 14:31 - 2013-09-16 14:31 - 00000000 ____D C:\Users\Hranca\Desktop\Tekstovi
2013-09-16 14:28 - 2012-04-02 16:08 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6599C1B7-5469-40F1-81BD-1AD35A6AC043}
2013-09-16 14:22 - 2013-09-15 09:39 - 00158511 _____ C:\Windows\WindowsUpdate.log
2013-09-16 14:20 - 2013-09-15 14:43 - 00000224 _____ C:\Windows\setupact.log
2013-09-16 14:20 - 2013-09-14 15:15 - 00000000 ____D C:\ProgramData\Realtek0
2013-09-16 14:20 - 2013-09-02 17:39 - 00000380 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Hranca.job
2013-09-16 14:20 - 2012-04-02 17:16 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-16 14:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-16 14:19 - 2013-09-15 15:04 - 00004900 _____ C:\Windows\PFRO.log
2013-09-15 23:21 - 2013-08-16 23:03 - 00005600 _____ C:\Users\Hranca\daemonprocess.txt
2013-09-15 23:14 - 2013-01-26 21:07 - 00000000 ____D C:\Users\Hranca\AppData\Roaming\HLSW
2013-09-15 22:58 - 2013-02-03 13:32 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-09-15 22:58 - 2012-04-30 17:53 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-09-15 22:57 - 2012-04-02 17:16 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-15 22:54 - 2012-09-28 09:27 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000UA.job
2013-09-15 22:45 - 2013-09-15 14:58 - 00000000 ____D C:\Qoobox
2013-09-15 22:44 - 2013-09-15 22:44 - 00019672 _____ C:\ComboFix.txt
2013-09-15 22:36 - 2013-03-15 11:31 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000UA.job
2013-09-15 22:35 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-15 22:29 - 2009-07-14 06:45 - 00046544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-15 22:29 - 2009-07-14 06:45 - 00046544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-15 19:24 - 2013-01-19 00:05 - 00001096 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-09-15 18:28 - 2013-02-03 13:32 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-09-15 18:00 - 2013-04-14 21:01 - 00000468 _____ C:\Windows\Tasks\ParetoLogic Registration.job
2013-09-15 17:52 - 2013-09-02 17:39 - 00002968 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Hranca
2013-09-15 17:52 - 2013-09-02 17:39 - 00000370 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Hranca.job
2013-09-15 15:37 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-15 15:32 - 2013-09-15 14:57 - 00000000 ____D C:\Windows\erdnt
2013-09-15 14:57 - 2012-09-28 09:27 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000Core.job
2013-09-15 14:56 - 2013-09-13 22:58 - 00000367 _____ C:\Users\Hranca\Desktop\New Text Document.txt
2013-09-15 14:53 - 2013-09-15 14:52 - 05126233 _____ (Swearware) C:\Users\Hranca\Downloads\ComboFix (1).exe
2013-09-15 14:52 - 2013-09-15 14:44 - 00000000 ____D C:\Users\Hranca\Downloads\SetupIns
2013-09-15 14:51 - 2013-09-15 14:51 - 00384318 _____ ( ) C:\Users\Hranca\Downloads\Mobile_phone_IMEI_unlocker_v1.3_[(zabranjeno)ED] (1).exe
2013-09-15 14:50 - 2012-03-31 08:26 - 00000000 ___RD C:\Users\Hranca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-15 14:45 - 2013-09-15 14:45 - 00000000 ____D C:\Program Files (x86)\AppFiles
2013-09-15 14:43 - 2013-09-15 14:43 - 00000000 _____ C:\Windows\setuperr.log
2013-09-15 14:42 - 2013-09-15 14:42 - 00384318 _____ ( ) C:\Users\Hranca\Downloads\Mobile_phone_IMEI_unlocker_v1.3_[(zabranjeno)ED].exe
2013-09-15 11:45 - 2013-09-02 17:39 - 00002972 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Hranca
2013-09-15 11:45 - 2013-09-02 17:39 - 00000374 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Hranca.job
2013-09-15 10:36 - 2013-03-15 11:31 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3660575161-1947987749-166325203-1000Core.job
2013-09-15 10:11 - 2013-09-15 10:11 - 05126233 ____R (Swearware) C:\Users\Hranca\Desktop\ComboFix.exe
2013-09-14 23:24 - 2013-01-20 11:53 - 00000000 ____D C:\Users\Hranca\AppData\Roaming\Wise Care 365
2013-09-14 21:30 - 2012-03-31 23:25 - 00000000 ____D C:\Users\Hranca\AppData\Roaming\uTorrent
2013-09-14 20:59 - 2013-01-21 17:29 - 00000000 ____D C:\Users\Hranca\Desktop\text
2013-09-14 20:27 - 2013-09-14 20:27 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-14 20:27 - 2013-09-14 20:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-14 20:26 - 2013-09-14 20:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Hranca\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-14 18:53 - 2013-09-14 18:53 - 00001664 _____ C:\Users\Public\Desktop\Recuva.lnk
2013-09-14 18:53 - 2013-04-13 18:03 - 00000000 ____D C:\Program Files\Recuva
2013-09-14 18:46 - 2013-02-02 21:44 - 00000000 ____D C:\Games
2013-09-14 18:45 - 2013-09-14 18:45 - 00000745 _____ C:\Users\Hranca\Documents\TombRaider.log
2013-09-14 18:32 - 2013-08-08 10:58 - 00000000 ____D C:\Program Files (x86)\Unlockroot
2013-09-14 17:51 - 2013-09-14 17:51 - 00354699 __RSH C:\PNGIJ
2013-09-14 17:51 - 2013-09-14 17:51 - 00000000 __RSH C:\mkxt.ld
2013-09-14 15:15 - 2013-09-14 15:15 - 00003210 _____ C:\Windows\System32\Tasks\Windows Update Check - 0x0BC402F2
2013-09-14 14:38 - 2009-07-14 07:13 - 00782986 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 23:24 - 2013-08-16 23:03 - 00000000 ____D C:\Users\Hranca\AppData\Local\cache
2013-09-12 23:24 - 2013-08-16 23:02 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-09-10 10:56 - 2012-04-02 18:04 - 00000000 ____D C:\Users\Hranca\AppData\Roaming\vlc
2013-09-10 10:37 - 2012-04-16 08:02 - 00000000 ____D C:\Users\Hranca\Documents\My Games
2013-09-10 10:35 - 2013-09-10 10:34 - 00541984 _____ C:\Users\Hranca\Documents\Spojeno.mp3.sfk
2013-09-07 18:09 - 2013-08-16 23:03 - 00000000 ____D C:\Users\Hranca\AppData\Local\Mobogenie
2013-09-02 17:39 - 2013-09-02 17:39 - 00003618 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Hranca
2013-09-02 17:39 - 2013-09-02 17:39 - 00002676 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Hranca
2013-08-19 00:21 - 2009-07-14 07:08 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-18 13:03 - 2012-03-31 08:25 - 00000000 ____D C:\Users\Hranca
2013-08-17 08:44 - 2013-01-20 11:27 - 00000000 ___RD C:\Users\Hranca\Desktop\Tools
2013-08-17 08:42 - 2013-08-17 08:38 - 00000000 ___RD C:\Users\Hranca\Desktop\MOBILNI
2013-08-17 08:22 - 2012-04-24 08:10 - 00000000 ____D C:\Users\Hranca\AppData\Local\Adobe
2013-08-17 08:22 - 2012-04-02 17:16 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-17 08:22 - 2012-04-02 17:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\Hranca\fbchathistory.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 10:02

==================== End Of Log ============================

Update: 16 Sep 2013 14:56

The tdsskiller.exe log is attached.


offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Open Notepad and copy the following text, which is inside the shaded area.

C:\ProgramData\Realtek0
C:\Users\Hranca\fbchathistory.dat


In Notepad, click File --> Save As

Name the file fixlist.txt and save it to the Desktop

Double-click FRST.exe to run it again

Click Fix and wait for the program to finish

If the program asks for a computer restart, let it do so without interruption.

When it finishes, Notepad will open with content that you should paste into the thread.

fixlog.txt will also be on the Desktop.

==============================================

What is the situation now?

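The FRST log in the thread above uses a few fixed line shapes (autorun entries with the publisher in parentheses, file entries with a five-character attribute field, service and driver entries with a bracketed size), and the helper then picked two items out of it for the fixlist. As an added example that is not part of this thread and not FRST's own code, here is a small Python triage pass over constructed sample lines copied from those shapes. The regexes are my assumptions about the format based only on the lines shown here, and the four rules (autorun with an empty publisher, zero-byte service or driver image, read-only+system+hidden file sitting in the drive root, anything FRST itself lists under "Files to move or delete") are my own heuristics, not FRST's verdicts.

```python
import re

# Line shapes seen in the FRST log above. These regexes are assumptions made
# from the lines shown in the thread, not FRST's own specification.
SECTION_RE = re.compile(r'^=+ (?P<title>.+?) =+$')
RUN_RE = re.compile(
    r'^HK[A-Z]+(?:-x32)?\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - '
    r'(?P<path>.+?) \[(?P<size>\d+) (?P<date>\S+)\] \((?P<signer>[^)]*)\)\s*$'
)
DRIVER_RE = re.compile(
    r'^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>[^\[]+?) '
    r'\[(?P<size>\d+)(?: (?P<date>\S+))?\s*\](?: \((?P<signer>[^)]*)\))?\s*$'
)
FILE_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - '
    r'(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<signer>[^)]*)\) )?(?P<path>.+)$'
)
ROOT_RE = re.compile(r'[A-Z]:\\[^\\]+')  # a file directly under the drive root

# Constructed sample: a handful of lines copied from the log formats above.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [6325936 2012-11-26] (ESET)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [646336 2013-09-10] ()

==================== Drivers (Whitelisted) ====================

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [211344 2012-10-08] (ESET)
U3 a1na4qk0; C:\Windows\System32\Drivers\a1na4qk0.sys [0 ] (Microsoft Corporation)
S3 SANDRA; No ImagePath

==================== One Month Created Files and Folders ========

2013-09-16 14:31 - 2013-09-16 14:31 - 01951150 _____ (Farbar) C:\Users\Hranca\Desktop\FRST64.exe
2013-09-14 17:51 - 2013-09-14 17:51 - 00354699 __RSH C:\PNGIJ
2013-09-14 17:51 - 2013-09-14 17:51 - 00000000 __RSH C:\mkxt.ld
2013-09-14 15:15 - 2013-09-16 14:20 - 00000000 ____D C:\ProgramData\Realtek0

Files to move or delete:
====================
C:\Users\Hranca\fbchathistory.dat

==================== End Of Log ============================
"""


def triage(log_text):
    """Return (path, reason) pairs for log entries that deserve a closer look.

    The rules are heuristics chosen for this example; they narrow the list,
    they do not replace an analyst reading the whole log.
    """
    findings = []
    section = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or set(line) == {'='}:      # blank or pure "=====" ruler
            continue
        m = SECTION_RE.match(line)
        if m:                                   # "==== Title ====" header
            section = m.group('title')
            continue
        if re.fullmatch(r'[A-Za-z ]+:', line):  # "Files to move or delete:" style header
            section = line[:-1]
            continue
        if section == 'Files to move or delete':
            findings.append((line, 'listed by FRST under "Files to move or delete"'))
            continue
        m = RUN_RE.match(line)
        if m:
            if not m.group('signer').strip():   # autorun whose image has no publisher
                findings.append((m.group('path'), 'autorun entry with no publisher'))
            continue
        m = DRIVER_RE.match(line)
        if m:
            if int(m.group('size')) == 0:       # registered image with no bytes on disk
                findings.append((m.group('path'), 'service/driver entry with a zero-byte image'))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group('attrs'), m.group('path')
            # R+S+H together in the drive root is a classic hiding pattern
            if all(c in attrs for c in 'RSH') and ROOT_RE.fullmatch(path):
                findings.append((path, 'read-only+system+hidden file in the drive root'))
            continue
    return findings


if __name__ == '__main__':
    for path, reason in triage(SAMPLE_LOG):
        print(f'{reason}: {path}')
```

On the sample, the pass flags the publisher-less Mobogenie autorun, the zero-byte a1na4qk0 driver image, the two R+S+H files in the root of C: and the fbchathistory.dat entry FRST itself listed. It does not flag C:\ProgramData\Realtek0, which the helper put in the fixlist together with fbchathistory.dat; a rule set like this is a first filter over a long log, and the decision on each item still rests with whoever reads the thread and the log.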
offline
  • Joined: 20 Feb 2005
  • Posts: 289
  • Location: Vranje

Posted: 16 Sep 2013 19:45

C:\ProgramData\Realtek0 => Moved successfully.
C:\Users\Hranca\fbchathistory.dat => Moved successfully.
Now I will restart the computer, check the state and get back to you.

Update: 16 Sep 2013 19:52

The state is good, I no longer get any notifications from ESET.
Let me ask about the USB MMC: should I insert it into the computer, or ???

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Download MCShield from the following address:

http://amf.mycity.rs/mcshield/MCShield-Setup.exe

Install MCShield and wait for the initial scan to finish.

When the initial scan finishes, plug all USB storage devices into the USB port one by one and keep each one in the port until MCShield displays a message that the scan is complete. If you have several USB devices, note down somewhere the order in which they were plugged in.

Explanation: USB storage devices are all devices that get their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

Go to Start -> All Programs -> MCShield -> Logs -> AllScans

A report will open in Notepad; post its contents in a message.
